CVE-2024-6387
A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog().
Github link:
https://github.com/vkaushik-chef/regreSSHion
Chef Inspec profile for checking regreSSHion vulnerability CVE-2024-6387 - vkaushik-chef/regreSSHion
CVE-2024-6387
A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog().
Github link:
https://github.com/asterictnl-lvdw/CVE-2024-6387
Remote Unauthenticated Code Execution Vulnerability in OpenSSH server (CVE-2024-6387) - Karmakstylez/CVE-2024-6387
CVE-2024-34102
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that references external entities. Exploitation of this issue does not require user interaction.
Github link:
https://github.com/unknownzerobit/poc
GitHub - unknownzerobit/poc: poc for CVE-2024-34102
CVE-2023-4220
Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell.
Github link:
https://github.com/Ziad-Sakr/Chamilo-LMS-CVE-2023-4220-Exploit
This is an Exploit for Unrestricted file upload in big file upload functionality in Chamilo-LMS for this location "/main/inc/lib/javascript/bigupload/inc/bigUpload.php" in Chamilo...
CVE-2023-4220
Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell.
Github link:
https://github.com/insomnia-jacob/CVE-2023-4220-
GitHub - insomnia-jacob/CVE-2023-4220: CVE-2023-4220 POC RCE
CVE-2024-3094
Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. The tarballs included extra .m4 files, which contained instructions for building with automake that did not exist in the repository. These instructions, through a series of complex obfuscations, extract a prebuilt object file from one of the test archives, which is then used to modify specific functions in the code while building the liblzma package. This issue results in liblzma being used by additional software, like sshd, to provide functionality that will be interpreted by the modified functions.
Github link:
https://github.com/yq93dskimzm2/CVE-2024-3094
CVE-2007-2447
The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the (1) SamrChangePassword function, when the "username map script" smb.conf option is enabled, and allows remote authenticated users to execute commands via shell metacharacters involving other MS-RPC functions in the (2) remote printer and (3) file share management.
Github link:
https://github.com/IamLucif3r/CVE-2007-2447-Exploit
GitHub - IamLucif3r/CVE-2007-2447-Exploit: This is a exploit for CVE-2007-2447; Vulnerable SMB
CVE-2024-5009
In WhatsUp Gold versions released before 2023.1.3, an Improper Access Control vulnerability in Wug.UI.Controllers.InstallController.SetAdminPassword allows local attackers to modify admin's password.
Github link:
https://github.com/th3gokul/CVE-2024-5009
CVE-2024-5009 : WhatsUp Gold SetAdminPassword Privilege Escalation - th3gokul/CVE-2024-5009
CVE-2023-28432
Minio is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including `MINIO_SECRET_KEY` and `MINIO_ROOT_PASSWORD`, resulting in information disclosure. All users of distributed deployment are impacted. All users are advised to upgrade to RELEASE.2023-03-20T20-16-18Z.
Github link:
https://github.com/fhAnso/CVE-2023-28432
GitHub - fhAnso/CVE-2023-28432: CVE-2023-28432 - MinIO Information Disclosure
CVE-2024-6387
A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog().
Github link:
https://github.com/kubota/CVE-2024-6387-Vulnerability-Checker
This Rust Code is designed to check SSH servers for the CVE-2024-6387 vulnerability - kubota/CVE-2024-6387-Vulnerability-Checker
CVE-2023-4220
Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell.
Github link:
https://github.com/B1TC0R3/CVE-2023-4220-PoC
GitHub - B1TC0R3/CVE-2023-4220-PoC: Proof of concept exploit for CVE-2023-4220
CVE-2024-6387
A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog().
Github link:
https://github.com/filipi86/CVE-2024-6387-Vulnerability-Checker
This Python script checks for the CVE-2024-6387 vulnerability in OpenSSH servers. It supports multiple IP addresses, URLs, CIDR ranges, and ports. The script can also read addresses from a file. - ...
CVE-2023-30253
Dolibarr before 17.0.1 allows remote code execution by an authenticated user via an uppercase manipulation: <?PHP instead of <?php in injected data.
Github link:
https://github.com/andria-dev/DolibabyPhp
An authenticated RCE exploit for Dolibarr ERP/CRM CVE-2023-30253. - andria-dev/DolibabyPhp
CVE-2024-23692
Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. As of the CVE assignment date, Rejetto HFS 2.3m is no longer supported.
Github link:
https://github.com/pradeepboo/Rejetto-HFS-2.x-RCE-CVE-2024-23692-
Rejetto HTTP File Server (HFS) 2.x - Unauthenticated RCE exploit module (CVE-2024-23692) - pradeepboo/Rejetto-HFS-2.x-RCE-CVE-2024-23692-